Added relay right and fixed relay permissions (#4682)

2025-03-09 15:40:18 +00:00 · 2022-11-01 16:05:36 -07:00 · 2022-11-01 16:05:36 -07:00 · e74a308113
commit e74a308113
parent 390ddd9fd6
6 changed files with 75 additions and 59 deletions
--- a/meshrelay.js
+++ b/meshrelay.js
@ -14,27 +14,29 @@
 "use strict";

 // Mesh Rights
-const MESHRIGHT_EDITMESH = 0x00000001;
-const MESHRIGHT_MANAGEUSERS = 0x00000002;
-const MESHRIGHT_MANAGECOMPUTERS = 0x00000004;
-const MESHRIGHT_REMOTECONTROL = 0x00000008;
-const MESHRIGHT_AGENTCONSOLE = 0x00000010;
-const MESHRIGHT_SERVERFILES = 0x00000020;
-const MESHRIGHT_WAKEDEVICE = 0x00000040;
-const MESHRIGHT_SETNOTES = 0x00000080;
-const MESHRIGHT_REMOTEVIEWONLY = 0x00000100;
-const MESHRIGHT_NOTERMINAL = 0x00000200;
-const MESHRIGHT_NOFILES = 0x00000400;
-const MESHRIGHT_NOAMT = 0x00000800;
-const MESHRIGHT_DESKLIMITEDINPUT = 0x00001000;
-const MESHRIGHT_LIMITEVENTS = 0x00002000;
-const MESHRIGHT_CHATNOTIFY = 0x00004000;
-const MESHRIGHT_UNINSTALL = 0x00008000;
-const MESHRIGHT_NODESKTOP = 0x00010000;
-const MESHRIGHT_REMOTECOMMAND = 0x00020000;
-const MESHRIGHT_RESETOFF = 0x00040000;
-const MESHRIGHT_GUESTSHARING = 0x00080000;
-const MESHRIGHT_ADMIN = 0xFFFFFFFF;
+const MESHRIGHT_EDITMESH            = 0x00000001; // 1
+const MESHRIGHT_MANAGEUSERS         = 0x00000002; // 2
+const MESHRIGHT_MANAGECOMPUTERS     = 0x00000004; // 4
+const MESHRIGHT_REMOTECONTROL       = 0x00000008; // 8
+const MESHRIGHT_AGENTCONSOLE        = 0x00000010; // 16
+const MESHRIGHT_SERVERFILES         = 0x00000020; // 32
+const MESHRIGHT_WAKEDEVICE          = 0x00000040; // 64
+const MESHRIGHT_SETNOTES            = 0x00000080; // 128
+const MESHRIGHT_REMOTEVIEWONLY      = 0x00000100; // 256
+const MESHRIGHT_NOTERMINAL          = 0x00000200; // 512
+const MESHRIGHT_NOFILES             = 0x00000400; // 1024
+const MESHRIGHT_NOAMT               = 0x00000800; // 2048
+const MESHRIGHT_DESKLIMITEDINPUT    = 0x00001000; // 4096
+const MESHRIGHT_LIMITEVENTS         = 0x00002000; // 8192
+const MESHRIGHT_CHATNOTIFY          = 0x00004000; // 16384
+const MESHRIGHT_UNINSTALL           = 0x00008000; // 32768
+const MESHRIGHT_NODESKTOP           = 0x00010000; // 65536
+const MESHRIGHT_REMOTECOMMAND       = 0x00020000; // 131072
+const MESHRIGHT_RESETOFF            = 0x00040000; // 262144
+const MESHRIGHT_GUESTSHARING        = 0x00080000; // 524288
+const MESHRIGHT_DEVICEDETAILS       = 0x00100000; // 1048576
+const MESHRIGHT_RELAY               = 0x00200000; // 2097152
+const MESHRIGHT_ADMIN               = 0xFFFFFFFF;

 // Protocol:
 // 1 = Terminal
@ -868,8 +870,8 @@ function CreateMeshRelayEx(parent, ws, req, domain, user, cookie) {
                if (docs.length == 0) { console.log('ERR: Node not found'); try { obj.close(); } catch (e) { } return; } // Disconnect websocket
                const node = docs[0];

-                // Check if this user has permission to manage this computer
-                if ((obj.nouser !== true) && ((parent.GetNodeRights(user, node.meshid, node._id) & MESHRIGHT_REMOTECONTROL) == 0)) { console.log('ERR: Access denied (1)'); try { obj.close(); } catch (e) { } return; }
+                // Check if this user has permission to relay thru this computer (MESHRIGHT_REMOTECONTROL or MESHRIGHT_RELAY rights)
+                if ((obj.nouser !== true) && ((parent.GetNodeRights(obj.user, node.meshid, node._id) & 0x00200008) == 0)) { console.log('ERR: Access denied (1)'); try { obj.close(); } catch (ex) { } return; }

                // Set nodeid and meshid
                obj.nodeid = node._id;
@ -907,8 +909,8 @@ function CreateMeshRelayEx(parent, ws, req, domain, user, cookie) {
                if (docs.length == 0) { console.log('ERR: Node not found'); try { obj.close(); } catch (e) { } return; } // Disconnect websocket
                const node = docs[0];

-                // Check if this user has permission to manage this computer
-                if ((parent.GetNodeRights(user, node.meshid, node._id) & MESHRIGHT_REMOTECONTROL) == 0) { console.log('ERR: Access denied (2)'); try { obj.close(); } catch (e) { } return; }
+                // Check if this user has permission to relay thru this computer (MESHRIGHT_REMOTECONTROL or MESHRIGHT_RELAY rights)
+                if ((parent.GetNodeRights(obj.user, node.meshid, node._id) & 0x00200008) == 0) { console.log('ERR: Access denied (2)'); try { obj.close(); } catch (ex) { } return; }

                // Set nodeid and meshid
                obj.nodeid = node._id;
@ -963,8 +965,8 @@ function CreateMeshRelayEx(parent, ws, req, domain, user, cookie) {
                if (docs.length == 0) { console.log('ERR: Node not found'); try { obj.close(); } catch (e) { } return; } // Disconnect websocket
                const node = docs[0];

-                // Check if this user has permission to manage this computer
-                if ((obj.nouser !== true) && ((parent.GetNodeRights(user, node.meshid, node._id) & MESHRIGHT_REMOTECONTROL) == 0)) { console.log('ERR: Access denied (2)'); try { obj.close(); } catch (e) { } return; }
+                // Check if this user has permission to relay thru this computer (MESHRIGHT_REMOTECONTROL or MESHRIGHT_RELAY rights)
+                if ((obj.nouser !== true) && ((parent.GetNodeRights(obj.user, node.meshid, node._id) & 0x00200008) == 0)) { console.log('ERR: Access denied (2)'); try { obj.close(); } catch (ex) { } return; }

                // Set nodeid and meshid
                obj.nodeid = node._id;
@ -1017,8 +1019,8 @@ function CreateMeshRelayEx(parent, ws, req, domain, user, cookie) {
                    if (docs.length == 0) { console.log('ERR: Node not found'); try { obj.close(); } catch (e) { } return; } // Disconnect websocket
                    const node = docs[0];

-                    // Check if this user has permission to manage this computer
-                    if ((parent.GetNodeRights(user, node.meshid, node._id) & MESHRIGHT_REMOTECONTROL) == 0) { console.log('ERR: Access denied (2)'); try { obj.close(); } catch (e) { } return; }
+                    // Check if this user has permission to relay thru this computer (MESHRIGHT_REMOTECONTROL or MESHRIGHT_RELAY rights)
+                    if ((parent.GetNodeRights(obj.user, node.meshid, node._id) & 0x00200008) == 0) { console.log('ERR: Access denied (2)'); try { obj.close(); } catch (ex) { } return; }

                    // Set nodeid and meshid
                    obj.nodeid = node._id;
@ -1263,8 +1265,8 @@ function CreateLocalRelayEx(parent, ws, req, domain, user, cookie) {
            obj.host = node.host;
            obj.meshid = node.meshid;

-            // Check if this user has permission to manage this computer
-            if ((parent.GetNodeRights(obj.user, node.meshid, node._id) & MESHRIGHT_REMOTECONTROL) == 0) { console.log('ERR: Access denied (2)'); try { obj.close(); } catch (e) { } return; }
+            // Check if this user has permission to relay thru this computer (MESHRIGHT_REMOTECONTROL or MESHRIGHT_RELAY rights)
+            if ((parent.GetNodeRights(obj.user, node.meshid, node._id) & 0x00200008) == 0) { console.log('ERR: Access denied (2)'); try { obj.close(); } catch (ex) { } return; }

            // Setup TCP client
            obj.client = new net.Socket();